* [PATCH] ARM: ep93xx: toss the device ID into the entropy pool
@ 2015-06-18 14:47 Linus Walleij
2015-06-18 17:15 ` Hartley Sweeten
2015-06-23 20:39 ` Arnd Bergmann
0 siblings, 2 replies; 4+ messages in thread
From: Linus Walleij @ 2015-06-18 14:47 UTC (permalink / raw)
To: linux-arm-kernel
It doesn't hurt to add this random stuff into the entropy pool
as is custom to do with device-unique numbers.
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
---
arch/arm/mach-ep93xx/core.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/arch/arm/mach-ep93xx/core.c b/arch/arm/mach-ep93xx/core.c
index 5e2151bcc0c5..c393b1b0310d 100644
--- a/arch/arm/mach-ep93xx/core.c
+++ b/arch/arm/mach-ep93xx/core.c
@@ -37,6 +37,7 @@
#include <linux/irqchip/arm-vic.h>
#include <linux/reboot.h>
#include <linux/usb/ohci_pdriver.h>
+#include <linux/random.h>
#include <mach/hardware.h>
#include <linux/platform_data/video-ep93xx.h>
@@ -862,6 +863,12 @@ static const char __init *ep93xx_get_soc_id(void)
if (id != id2)
return "invalid";
+ /* Toss the unique ID into the entropy pool */
+ add_device_randomness(&id2, 4);
+ add_device_randomness(&id3, 4);
+ add_device_randomness(&id4, 4);
+ add_device_randomness(&id5, 4);
+
snprintf(ep93xx_soc_id, sizeof(ep93xx_soc_id),
"%08x%08x%08x%08x", id2, id3, id4, id5);
--
1.9.3
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH] ARM: ep93xx: toss the device ID into the entropy pool
2015-06-18 14:47 [PATCH] ARM: ep93xx: toss the device ID into the entropy pool Linus Walleij
@ 2015-06-18 17:15 ` Hartley Sweeten
2015-06-23 20:39 ` Arnd Bergmann
1 sibling, 0 replies; 4+ messages in thread
From: Hartley Sweeten @ 2015-06-18 17:15 UTC (permalink / raw)
To: linux-arm-kernel
On Thursday, June 18, 2015 7:48 AM, Linus Walleij wrote:
> It doesn't hurt to add this random stuff into the entropy pool
> as is custom to do with device-unique numbers.
>
> Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
> ---
> arch/arm/mach-ep93xx/core.c | 7 +++++++
> 1 file changed, 7 insertions(+)
>
> diff --git a/arch/arm/mach-ep93xx/core.c b/arch/arm/mach-ep93xx/core.c
> index 5e2151bcc0c5..c393b1b0310d 100644
> --- a/arch/arm/mach-ep93xx/core.c
> +++ b/arch/arm/mach-ep93xx/core.c
> @@ -37,6 +37,7 @@
> #include <linux/irqchip/arm-vic.h>
> #include <linux/reboot.h>
> #include <linux/usb/ohci_pdriver.h>
> +#include <linux/random.h>
>
> #include <mach/hardware.h>
> #include <linux/platform_data/video-ep93xx.h>
> @@ -862,6 +863,12 @@ static const char __init *ep93xx_get_soc_id(void)
> if (id != id2)
> return "invalid";
>
> + /* Toss the unique ID into the entropy pool */
> + add_device_randomness(&id2, 4);
> + add_device_randomness(&id3, 4);
> + add_device_randomness(&id4, 4);
> + add_device_randomness(&id5, 4);
> +
> snprintf(ep93xx_soc_id, sizeof(ep93xx_soc_id),
> "%08x%08x%08x%08x", id2, id3, id4, id5);
Make sense.
Reviewed-by: H Hartley Sweeten <hsweeten@visionengravers.com>
^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH] ARM: ep93xx: toss the device ID into the entropy pool
2015-06-18 14:47 [PATCH] ARM: ep93xx: toss the device ID into the entropy pool Linus Walleij
2015-06-18 17:15 ` Hartley Sweeten
@ 2015-06-23 20:39 ` Arnd Bergmann
2015-06-24 6:14 ` Michael van der Westhuizen
1 sibling, 1 reply; 4+ messages in thread
From: Arnd Bergmann @ 2015-06-23 20:39 UTC (permalink / raw)
To: linux-arm-kernel
On Thursday 18 June 2015 16:47:39 Linus Walleij wrote:
> @@ -862,6 +863,12 @@ static const char __init *ep93xx_get_soc_id(void)
> if (id != id2)
> return "invalid";
>
> + /* Toss the unique ID into the entropy pool */
> + add_device_randomness(&id2, 4);
> + add_device_randomness(&id3, 4);
> + add_device_randomness(&id4, 4);
> + add_device_randomness(&id5, 4);
> +
>
A stupid question from someone who does not understand computer
security: Is there any concern about being able to identify a
particular machine based on the random numbers generated at
runtime afterwards?
Arnd
^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH] ARM: ep93xx: toss the device ID into the entropy pool
2015-06-23 20:39 ` Arnd Bergmann
@ 2015-06-24 6:14 ` Michael van der Westhuizen
0 siblings, 0 replies; 4+ messages in thread
From: Michael van der Westhuizen @ 2015-06-24 6:14 UTC (permalink / raw)
To: linux-arm-kernel
On 23 June 2015 at 22:39, Arnd Bergmann <arnd@arndb.de> wrote:
> On Thursday 18 June 2015 16:47:39 Linus Walleij wrote:
>> @@ -862,6 +863,12 @@ static const char __init *ep93xx_get_soc_id(void)
>> if (id != id2)
>> return "invalid";
>>
>> + /* Toss the unique ID into the entropy pool */
>> + add_device_randomness(&id2, 4);
>> + add_device_randomness(&id3, 4);
>> + add_device_randomness(&id4, 4);
>> + add_device_randomness(&id5, 4);
>> +
>>
>
> A stupid question from someone who does not understand computer
> security: Is there any concern about being able to identify a
> particular machine based on the random numbers generated at
> runtime afterwards?
No, not in this case. The reason for this pattern (where any SoC specific
data that is not visible out of the SoC is mixed in to the initial entropy pool)
is to avoid class attacks against device families due to similarity of initial
random numbers affecting this quality of early ephemeral keys.
A general guideline is that any data that cannot be determined unless
you're actually running within the SoC can be mixed into the entropy pool.
Of course, nothing beats a half-decent hardware RNG as an initial entropy
source.
Michael
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2015-06-24 6:14 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-06-18 14:47 [PATCH] ARM: ep93xx: toss the device ID into the entropy pool Linus Walleij
2015-06-18 17:15 ` Hartley Sweeten
2015-06-23 20:39 ` Arnd Bergmann
2015-06-24 6:14 ` Michael van der Westhuizen
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).